QwikSec

Security Database

CVE

CWE

Training

CVE-2014-2523

Published: Mar 24, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://twitter.com/grsecurity/statuses/445496197399461888

x_refsource_MISC

vendor-advisory

x_refsource_UBUNTU

vdb-entry

x_refsource_BID

vendor-advisory

x_refsource_UBUNTU

third-party-advisory

x_refsource_SECUNIA

https://bugzilla.redhat.com/show_bug.cgi?id=1077343

x_refsource_CONFIRM

vdb-entry

x_refsource_SECTRACK

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b22f5126a24b3b2f15448c3f2a254fc10cbc2b92

x_refsource_CONFIRM

linux-kernel-cve20142523-code-exec(91910)

vdb-entry

x_refsource_XF

https://github.com/torvalds/linux/commit/b22f5126a24b3b2f15448c3f2a254fc10cbc2b92

x_refsource_CONFIRM

[oss-security] 20140317 Re: CVE Request: netfilter: remote memory corruption in nf_conntrack_proto_dccp.c

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.